Re: [squid-users] Exchange WebServices

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 07 Mar 2012 09:45:57 +1300

On 7/03/2012 6:27 a.m., Fuchs, Martin wrote:
> Hi !
>
> Does anyone use Exchange-WebServices with squid ?
> We have it up and running with squid 3.1.19 under freebsd with the following config-options, but it takes very long to establish the first connection.
> When directly natting ews it's much faster.
>
>
> https_port xxx.xxx.xxx.xxx:443 accel cert=/usr/local/etc/squid/4f50b44b67bf9.crt key=/usr/local/etc/squid/4f50b44b67bf9.key defaultsite=g1.xxx.de
> cache_peer yyy.yyy.yyy.yyy parent 443 0 proxy-only no-query originserver login=PASS connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_pfs
> acl OWA_URI_pfs url_regex -i ^https:// g1. xxx.de/owa.*$
> acl OWA_URI_pfs url_regex -i ^https:// g1. xxx.de/exchange.*$
> acl OWA_URI_pfs url_regex -i ^https:// g1. xxx.de/public.*$
> acl OWA_URI_pfs url_regex -i ^https:// g1. xxx.de/exchweb.*$
> acl OWA_URI_pfs url_regex -i ^https:// g1. xxx.de/ecp.*$
> acl OWA_URI_pfs url_regex -i ^https:// g1. xxx.de/OAB.*$
> acl OWA_URI_pfs url_regex -i ^https:// g1. xxx.de/Microsoft-Server-ActiveSync.*$
> acl OWA_URI_pfs url_regex -i ^https:// g1. xxx.de/rpc/rpcproxy.dll.*$
> acl OWA_URI_pfs url_regex -i ^https:// g1. xxx.de/rpcwithcert/rpcproxy.dll.*$

As opposed to the faster method:

   acl HTTPS proto HTTPS
   acl OWA dstdomain g1.xxx.de

   cache_peer_access OWA_HOST_pfs allow HTTPS OWA
   http_access allow HTTPS OWA

If you really must enumerate all the individual services for some
reason, use urlpath_regex like so:

   acl HTTPS proto HTTPS
   acl OWA dstdomain g1.xxx.de

   acl OWA_pfs urlpath_regex -i ^/owa ^/exchange ^/public

   ... etc.

   cache_peer_access OWA_HOST_pfs allow HTTPS OWA OWA_pfs
   http_access allow HTTPS OWA OWA_pfs

> ignore_expect_100 on
> acl OWA_URI_pfs url_regex -i ^https:// g1. xxx.de/EWS.*$
> cache_peer_access OWA_HOST_pfs allow OWA_URI_pfs
> cache_peer_access OWA_HOST_pfs deny allsrc
> never_direct allow OWA_URI_pfs
> http_access allow OWA_URI_pfs
>
> in the access.log we get the following errors
>
> 1331048055.562 6 207.46.14.63 TCP_MISS/401 312 POST https://g1.xxx.de/EWS/Exchange.asmx - FIRST_UP_PARENT/OWA_HOST_pfs -
> 1331048055.929 6 207.46.14.63 TCP_MISS/401 705 POST https://g1.xxx.de/EWS/Exchange.asmx - FIRST_UP_PARENT/OWA_HOST_pfs -
> 1331048056.186 138 207.46.14.63 TCP_MISS/200 1422 POST https://g1.xxx.de/EWS/Exchange.asmx - PINNED/OWA_HOST_pfs text/xml
>
> Does anyone have any experiences or ideas ?

ignore_expect_100 could be the reason. Exchange tries to use the
Expect: 100-continue feature sometimes. Your browser may be timing out
before it sends POST'd data.

Although that said, the above POSTs look to be part of an NTLM handshake
and are only taking 150ms.

Amos
Received on Tue Mar 06 2012 - 20:46:05 MST
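
As an added example (not part of either poster's message), this Python sketch reads the three access.log lines quoted above, groups the 401 challenges with the PINNED reply that completes them, and compares the time spent inside Squid with the wall-clock span. It assumes Squid's native log format, with the timestamp written when each reply is logged.

```python
from collections import defaultdict, namedtuple

# The three access.log lines quoted in the thread (Squid native log format).
LOG = """\
1331048055.562 6 207.46.14.63 TCP_MISS/401 312 POST https://g1.xxx.de/EWS/Exchange.asmx - FIRST_UP_PARENT/OWA_HOST_pfs -
1331048055.929 6 207.46.14.63 TCP_MISS/401 705 POST https://g1.xxx.de/EWS/Exchange.asmx - FIRST_UP_PARENT/OWA_HOST_pfs -
1331048056.186 138 207.46.14.63 TCP_MISS/200 1422 POST https://g1.xxx.de/EWS/Exchange.asmx - PINNED/OWA_HOST_pfs text/xml
"""

Entry = namedtuple("Entry", "end_ms elapsed_ms client status method url hier")
Handshake = namedtuple("Handshake", "client url rounds proxy_ms wall_ms")


def parse(line):
    """Parse one native-format line (assumption: timestamp = time the reply was logged)."""
    ts, elapsed, client, result, _size, method, url, _user, hier, _ctype = line.split()
    sec, frac = ts.split(".")
    return Entry(int(sec) * 1000 + int(frac), int(elapsed), client,
                 int(result.split("/")[1]), method, url, hier.split("/")[0])


def find_handshakes(lines):
    """Group 401 challenges with the PINNED reply that completes them."""
    pending = defaultdict(list)          # (client, method, url) -> 401 entries so far
    found = []
    for e in map(parse, filter(None, (l.strip() for l in lines))):
        key = (e.client, e.method, e.url)
        if e.status == 401:
            pending[key].append(e)
            continue
        legs = pending.pop(key, [])
        if legs and e.hier == "PINNED":  # reply used the connection pinned for auth
            legs.append(e)
            start = legs[0].end_ms - legs[0].elapsed_ms   # when the first request began
            found.append(Handshake(e.client, e.url, len(legs),
                                   sum(x.elapsed_ms for x in legs), e.end_ms - start))
    return found


if __name__ == "__main__":
    for h in find_handshakes(LOG.splitlines()):
        print(f"{h.client} {h.url}: {h.rounds} requests, "
              f"{h.proxy_ms} ms inside Squid, {h.wall_ms} ms from first request to last reply")
```

On these lines it reports three requests, 150 ms inside Squid and 630 ms from the start of the first request to the final reply.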
